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Technical Field of the Invention 

The present invention relates to information networks, and particularly to a 
system of the selection mechanism and security mechanism of information systems 
and corresponding method thereof. 

Background of the Invention 

The infomaation systems referred to hy the present invention include telephone 
networks, cable TV networks, data networks, IP networks such as computer Internet, 
broad band IP networks based on dense waveleagth-division multiplexing (IP over 
DWDM), and etc., these infonnation networks may be public information networks 
interconnected with one another, as well as physically isolated dedicated networks, 
jurisdiction networks, or secure networks. Jurisdiction networks refer to networks 
physically isolated information networks partitioned on the basis of territory such as 
country^ province, city, district, county, and town, or on the basis of trade such as IT 
trade, metallurgy trade, financial and stock marketing trade, and etc. 

Recently, each of the user' s telephone, TV set, and computer is connected to 
the telephone network, cable TV network and computer Internet, respectively, and 
once connected, there is no other choice, these circumstances result in the monopoly 
of the information network providers, which infringes upon the user' s benefits and 
hinders the rapid growth of the quality of service and economical benefits of the 
network provider due to monopoly. 

Means to get rid of monopoly of network providers domestically and 
internationally is to disintegrate the information network providers, however, tbe local 
network monopoly has not been avoided, the users stiU have not much choice of their 
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information networks. For example, China has stipulated recently that flie services of 
telecommimication networks and cable TV networks may not overlap, this has the 
tendency of strengfheniag the monopoly of local networks. 

A5 for the schema of decomposition of the telecommunication services of a 
coimtry (e,g., China) into four bulky blocks of fixed (transfer network), mobile, 
satellite, and paging, the decomposed stracture does not actually get rid of monopoly, 
but only dividing the monopoly of one party into respective monopolies of four 
parties, and whatever of the mobile, satellite, or paging must somewhat depend on the 
block of fixed one. For example, making IP telephone calls over Internet netted with 
satellite links, not only tlie quality of call is lower than that netted with laud optical 
fibers, but also it should finally enter the telephone network portion of that fixed 
network; mobile communication is mudi more dependent on this fixed portion of that 
fixed dependent on this fixed portion^ because ftxe number of fixed telephones has 
exceeded one hundred millions, while that of the mobile telephone subscribers is only 
twenty millions, which shotild fmally enter the telephone network portion of the fixed 
network; pagiDg is more than likely, most subscribers paging via the fixed telephone; 
data communication is also not optimistic, the transmitting capacity of satellite links 
is not as high as that of the land optical fibers nowadays, while the time delay is far 
longer than that of the optical fibers. In other words, the block of the fixed ones is 
substantially monopolistic. There is no new operator tn effective competition with it 
in the field of access networks. 

On the other hand, the vigorous development of the computer latemet has 
caused severe threat on the security of information on the computer local area 
networks. The computer networks originaliy for facilitating the sharing of information 
resources have become convenient tools for stealing information, in addition, the 
stealing process is often undiscoverable and williout any vestige. The basic reason of 
insecurity of the information on the computer local area network is that it is exposed 
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to the hackers almost all the time once getting access to the computer Internet. 

Li order to secxire infonnation on the computer networks, a conventional method 
is to set up a fire wall or proxy server between the computer local area network and 
the computer Internet to control the access to the computer local area networks from 
the computer Internet by the use of software means. However, due to technological 
reasons, it can not protect a computer having access to the Intemet from attacks from 
the Intemet. Therefore, the valuable secret information can not be secured. 

Another scheme is the physical isolation of networks, which guarantees that 
there is no connection of the physical circuitry between the computer Internet and the 
valuable secret iutemal computer network. Thus, wixiag of two networks need to be 
implemented in one ofiSce, and two computers should be put on the desk, which not 
only increases tlie cost of office information system, but also brings about 
inconvenience to the use of the infonnation system; although two computers may 
share the display, keyboard, etc, but the networks can not be saved, and if several 
computer networks of different encryption levels should be added, it is impossible to 
install several computers into one box. 

The unification of world economy urges the governments, enterprises and 
society to need more low price, in time and accurate iofoimalion as weD as high 
q^mlity information services, such information and services can only be obtained by 
breaking the telecommunication monopoly and under the orderly market competition. 
Therefore, the estabhshment of an open and competitive (especially local area 
network competition) telecommunication and infoimation market that guarantees 
information security has become a problem extremely extraotmg concerns and having 
to be solved as soon as possible. 

It is an object of the present invention to provide a system and method for 
implementing selection of various information networks by a user, which enable the 
user to possess the right of choice among various information systems to form a 
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structure of competition of the infonnation networks, aad resolve the conflicts 
between the security of information of computer networks and the convenience of 
using computers to access the information networks, for protecting the internal 
computer networks against access from the Internet by hackers. 

Summary of the Invention 

To achieve the above mentioned object, the present invention provides a system 
for implementing selection of information networks by the user, oomprisiag at least 
two information networks and a user terminal, characterized in further comprising: 

A network selector with one end thereof connected to the user terminal for 
receiving and communicating user parameters and user' s request to access a 
particular information network, and for controlling the user terminal; 

A secure exchange connected to the other end of the network selector, the ports 
on the network side of the secure exchange are mutually physically isolated, the ports 
at the tenninal side of the secure exchange are also mutually physically isolated- the 
secure exchange determines the validity of the user parameters and requests from the 
network selector, aad accepts or rejects the user' s access to the information network 
requested by the user based on the result of detemiination; 

Said system for implementing selection of information networks by the user is 
characterized in: further coraprisitig premises concentrator connected between the 
network selector and the secure exchange, for composing and decomposing the 
signals of the user terminal transferred firom the network selector. 

Said system for implementing selection of infoimation networks by the user is 
characterized in further comprising a storey concentrator comected between the 
premises concentrator and the seciire exchange, for concentrating the plurality of 
premises concentrators to multiplex and relay tbe signals irom the premises 
concentrators. 
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Said system for implementing selection of infortnation network by the user is 
cliaracterized in that; the user terminals are one, twOj, or all of a computer, telephone, 
and TV set; the information networks are interconnected public information networks 
or physically isolated dedicated networks, secure networks or jurisdiction networks, 
the public ioformation networks include telephone networks, TV networks, data 
networks, IP networks and broad band IP networks. 

Said system for implementing selection of information networks by the user is 
characterised in that: the network selector is provided with radio frequency, RJll 
and/or RJ45 ports to couple to the user terminals; the network selector is coupled to 
the sectn:e exchange with an RJ45 interface, the coupling uses one of the two 
undefined twisted pairs in an RJ45 interfSace to transfer said user parameters, requests 
and control information. 

Said system for implementing selection of information networks by the user is 
characterized in that: the network selector is provided with radio frequency, RJll 
and/or RJ45 ports to couple with the user terminal; the network selector is coupled to 
the premises concentrator with an RJ45 interface, and the premises concentrator is 
coupled in turn to the secure exchange with an RJ45 port, one of the two imdefined 
twisted pairs in the iU45 port is used to transfer signals between the network selector, 
the premises concentrator and the secxu-e exchange. 

Said system for implementing selection of information networks by the user is 
characterized in that; the storey concentrator is provided with Rr45 ports on both 
terminal side and network side, the storey concentrator uses one of the two 
undefined twisted pairs in the RJ45 port to transfer parameters and signals, tlie twisted 
pair causes the secure exchange to switch between information networks with 
variations of voltage. 

Said system for implementing selection of information networks by the user is 
character in that the other one of the two undeJSned twisted pairs in said RJ45 port is 
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used to couple to the telephone xnetwork. 

Said system for implementing selection infonnation networks by the user is 
characterized in that optical fibers, cable TV lines, or APSL lines are used to transfer 
parameters and signals. 

Said system for implementing selection of information networks by the user is 
ciiaracterized in tliat the secure exchange is coupled to an authentication server, titxe 
secure exctaage uses the parameters of existing users stored in the authentication 
server to determine the legality of the user, the secure exchange is connected to the 
computer local area network and IP gateway corresponding to each of the infonnation 
networks via the network side RJ45 port, TV network port or optical 
receiving/transmitting terminal, and connected to each of the information networks 
via the wide area inteiface of the computer local area and IP gateway. 

Said system for implementing secure selection of information networks is 
characterized in that the network selector includes an IC card drive to read out the 
user infonnation stored in the user identification card, 

Said system for implementing selection of infonnation networks if characterized 
in that the secure exchange includes a drive for reading the IC card to identify the 
management identification card of the system manager, the secure exchange generates 
user identification cards based on the user information set on the secure exchange by 
the system manager. 

Said system for implementing selection of information networks by the user is 
characterized in that the user parameters transferred to the secure exchange via the 
network selector and identified by the secure exchange comprise the user' s 
fingerprint infonnation. 

Said system for implementing selection of infoimation networks by the user is 
characterized in that the user terminal is a diskless computer, and all the computer 
local area networks connected to the secure exchange are installed with file servers to 
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serve the diskless computers, the file servers have the operating system and system 
data of each of the diskless computers, and working data of each user stored therein. 

Said system for implementing selection of information networks by the user is 
characterized in that the user terminal is a computer with disk, the network selector 
instructs the computer with disk to initiate itself from the information network in the 
operating mode of a diskless computer when the computer with disk of a legal user 
having the right to use the information network accesses the information network, and 
instructs tiie local hard disk of the computer with disk to stop working. 

Said system for implementing selection of information networks fay the user is 
characterized in that the user terminal is an optical ROM computer, optical ROM 
computer reads out the operating system from the local optical ROM and initiates 
itself, but reads and writes all tlie data from/to the computer local area network to 
which it is connected. 

Said system for implementing secure selection of information networks is 
characterized in that the user terminal is a computer, the network selector is embedded 
in the computer, the panel of the network selector is a constituent part of the panel of 
the computer or is combiaed vtdth the optical disk drive or floppy disk drive. 

Said system for implementing selection of information networks by the user is 
characterized in that the user teimmal is a telephone, the telephone switches among a 
pluraUty of telephone networks via the network selector and secure exchange. 

Said system for implementing selection of information networks by the user is 
characterized in that the user terminal is a TV set, the TV set switches among a 
plurahty of TV networks via the network selector and secure exchange. 

Said system for implementing selection of information networks by the user is 
characterized in that tlie user tenninal is computer, the computer needs to be re- 
mitiated and to refresh its memory, and to be re-connected to the selected information 
network each time the user making a selection from the connected selector to change 
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bis/her choice of the information network. 

The present invention further provides a system for implementing selection of 
infoinaation network by user, comprising at least two infonnation networks and a user 
terminal, characterized in that said system further comprises a network selector 
connected between the user teixainal and the infonnation networks to receive and 
transfer user parameters and request for connecting to a particular infonnation 
network, and to control the user terminal. 

The present mvention further provides a method for implementmg selection of 
information networks by user, characterized comprising the steps of: 

(1) a network selector receives and transfers user parameters and requests for 
connectmg to a particular infonnation network selected by the user, and controls the 
Xi$er terminal; 

(2) a secure exchange, in response to the request for connecting to the particular 
haformation network selected by the user^ determines the legahty of the user' s 
request based on the user parameters; 

(3) the secure exchange accepts or rejects the user' s request for connecting to 
the particiflar information network based on the result of detennination. 

Said method for implementing selection of information networks by the user is 
characterized in that step (1) further comprises the steps of : 

a. the network selector reads the user identification card and password, obtains 
the user identity, determines the type of the user terminal, and generates user 
parameters including the user identity, his/her right to user encryption level of secure 
networks, jurisdiction networks or dedicated networks, and the type of the user 
terminal; 

b. the network selector receives the request for selecting an information 
network by the user, including the number and the link path of the information 
network selected b the user; and 
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c. the network selector passes the user parameters and request to the secure 
exchange. 

Said method for implementing secure selection of infoimation networks is 
characterized in that $tep (2) further comprises the steps of; 

d- determining whether the user accesses a secure network, jurisdiction network, 
or dedicated network; 

e. if the u$er accesses a secure network, jurisdiction network or dedicated 
network, a determination is made of whether the user has the right to access this 
information network; and 

£ if the user has the right to access the information network, a further 
determination is made of whether the terminal used by the user has a hard disk or 
memory for storing iuformation. 

Said method for implemeating secure selection of infonnation network is 
characterized in that step (3) further comprises the following steps: 

g. if the user does not access a seciire network, jurisdiction network or dedicated 
network, then the public information network is accessed for the user; 

h_ if the user has no right to access a secure -network, jurisdiction network or 
dedicated network, access to the infonnation network is rejected; and 

i. if the user has the right to access the secure network, jurisdiction network or 
dedicated network, and the tenninal used by user has no hard disk or memory for 
storing information, then the network requested to be accessed by the user is accessed; 

if the user has the right to access the secure network, jurisdiction network or 
dedicated network, but the user tenninal has a hard disk or memory for storing 
informatiorL the secure exchange and network selector access tire information 
network for the user under the condition that the user has stopped the operation of the 
hard disk and refreshed the memory. 

Said method for implementing selection of infonnation networks by the user is 
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characterized in that a premises concentrator is coupled between the nctv/ork selector 
and ttie secxire exchange for composing and decomposing the signals of the user 
teijninals transferred by the network selector. 

Said method for implementing selection of information networks by the user is 
characterized in that a storey concentrator is coupled between the premises 
concentrator and the secure exchange for concentrating the plurality of premises 
concentrators, and for multiplexing aad relaying the signals. 

Said method for implementiag selection of information networks by the user is 
characterized in that one of the two undefined twisted pairs in the RJ45 port for 
connecting the network selector, premises concentrator, storey concentrator, ad secure 
exchange is lised to transfer signals. 

Said method for implementing selection of information networks by ttte user is 
characterized in that the other one of the two undefined twisted pairs of the RJ45 port 
is used for accessing the telephone network. 

Said method for implementing selection of information networks by the user is 
characterized in that the user parameters transferred to the secure exchange via the 
network selector and identified by the secure exchange include the fingerprint 
information of the user. 

Said method for implementing selection of information networks by the user is 
characterized in that the user parameters transferred to the secure exchange via the 
network selector and identified by the secure exchange include the face image 
infonnation of the user. 

Said method for implementing selection of information networks by the user is 
characterized in that the user terminal is one or two or all of a computer, telephone 
and TV set; Ihe information networks are interconnected public information networks 
or physically isolated dedicated networks, secure networks or jurisdiction networks, 
the public information networks include the telephone networks, TV networks, data 
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networks, IP networks and broad band IP networks. 

S aid method for implementing selection of iafomation networks by the user is 
characterized in tJiat the user tenninal is a telephone, the telephone switches among a 
plxirality of telephone networks via the network selector and secure exchange. 

Said method for implementing selection ofinformation networks by the user is 
characterized in that the user tenninal is a TV set, the TV set switches among a 
plurality of TV networks via the network selector and secure exchange. 

Industrial Applicability 

The system and method of the present invention for implementing selection of 
information networks by the user enable the user to realize free selection of 
information networks by manipulating the mutually cooperative relationships between 
the handy network selector and the remote secure exchange, to protect the selected 
network from attacks by other networks to guarantee the security of information, and 
to gain the following economical and social benefits: 

1. Enabhng the users to have their rights of selection and to break the monopoly 
of information networks, which not only reduces the prices set by the information 
tietwork companies to benefit the users due to market competition, but also motivates 
the potentials of the infonnation network companies to increase the economical 
benefits of those companies due to market competition, the final result is that common 
improvement of the society can be stimulated, 

2. Not only guaranteeing that there will be no opportunity for the hackers on the 
computer Internet to attack the information on a secure information network, but also 
capable of hmiting the number of persons accessing a secure network and their 
activities to reduce the difficulties for the police to investigate crimes, thereby the 
security of the ioforaiation networks and the pubhc confidence of the itiformation 
netwoiics can be improved. 

3. The present mvention permits virtual increment and decrement of the number 
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of the security level of tlie inforniadon network, therefore, it is appUcable to both 
$mall organizations with lower requirements on security and two physically isolated 
information networks, and large transterritorial and transnational organizations with 
large personnel, complex service flows and high sensitivity on the security of 
computer network information of fine security levels, especially governments, 
transnational companies, and etc. 

4, The present system enables computers to be used by families as simple and 
convenient as telephones and maintenance of the normal operations of computer^ 
without high expertise, because of the reduction of software and hardware of the 
network terminal computers, the transferring of operation capacity to the central 
server, and the flexible and co-ordination management of centralized computation and 
distributed computation. At the same time^ the system utilizes the advantages of the 
existing telephone networks, cable TV networks and computer networks to their 
greatest extents without attempting to replace then, making the best use of everything. 

BRIEF Description of the Drawiags 

The system and method of the present invention for implementing selection of 
information networks by the user will be described in great details in the following in 
conjunction witb the accompanying drawings and particular embodiments. 

Fig.l is a structural diagram of the network selector according to the present 
invention. 

Fig.2 is a structural diagram of the secure exchange accordtug to the present 
invention. 

Fig3 is a structural diagram of the RJ4S plus interface according to the present 
invention, 

Fig.4 is a structural diagram of the storey concentrator according to the present 
invention, 

Fig.5 is a structural diagram of the premises concentrator according to the 
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present invention. 

Fig.6 is a schematic diagram of the system for implementing selection of 
infoimation networks according to the present invention, 

Fig.6a is a structural diagram according to the present invention with respect to 
only two information networks. 

Fig.7 is a schematic diagram of the details of a home/ofBce network according 
to the present invention, 

Fig,8 is a flowchart of the method for implementing selection of infoimation 
network and protection against attacks according to the present invention. 

Fig.Sa is the operation flowchart of the network selector and secure exchange 
according to the present invention. 

Fig.9 is the software flowchart of the network selector in the system according 

to the present invention. 

Fig, 10 is the software flowchart of the secure exchange in the system according 

to the present invention- 
Preferred Embodiments of the Present Invention 

As shown in Fig.6, the system for implementing selection of information 
networks by the user includes three portions of : 1) an end user network 51; a pubhc 
information network 52; and a secure network 53, jurisdiction network 56 or 
dedicated network 54. The end user network 51 includes: user terminals, a secure 
exchange 58, storey concentrators 59, network selectors 60( Fig,l), premises 
concentrators 61 ( Fig.5), an authenticatioQ server 62, and computer local area 
networks LAN 53' ,LAN54^ ,LAN56' 3LAN523' ,LAN524' corresponding to 
the information networks, with the end user network typically located in the same 
building (the apartment/office building 63 shown in Fig, 6); the public information 
network 52 includes telephone network 521, cable TV network 522, data network 523, 
and broad band IP network 524. There may be more than one information networks of 
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the same type in the present invention, so the corresponding computer local area 
network will be also more than one ( as shown in Fig.6). 

The i;ser terminal may be a telephone 572, TV set 573, computer 571, as well as 
other types of user terminals. 

Where, as shown in Fig.7, the network selector 60 is coupled with said 
telephone 572, TV set 574 and/or computer 571, respectively, for receiving user 
parameters, receiving and transferring the user' s request for accessing a particular 
information network, the network selector 60 also controls the hard disk of the 
computer 57 L The network selector 60 may also be provided with a camera. 

As for the premises concentrator 61, the other end of the network selector 60 is 
coupled to the terminal side interface of the premises concentrator 61 j while the 
network side port of the premises concentrator 61 is coupled to a storey concentrator 
59, the premises concentrator 61 is used for composing or decomposing the signals of 
different user termmals. 

The storey concentrator 59 is coupled between the premises concentrator 61 and 
the secure exchange 58^ for concentrating a plurality of premises concentrators 61 to 
multiplex and relay the signals of those premises concentrators 61, 

One side of the secure exchange 58 (the terminal side) is coupled to a premises 
concentrator 61 or a storey concentrator 59, and the other side (the network side) is 
coupled to local area networks corresponding to various information networks of 
telephone network 521 or cable TV network 522, data network 523, broad band IP 
network 524(including LAN53' , LAN54' , LAN56' , LAN523' , LAN524' , 
telephone access network and CATV, wherein the telephone access netvt'ork and 
CATV are not shown explicitly in Fig.6). The ports on the terminal side are physically 
isolated from each other, and the ports on the network side axe also physically isolated 
jfrom each other. The secure exchange 58 determines the legality for the user to access 
the information network based on tihe user parameters aad request jErom the network 
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selector on the temiinal side, and accepts or rejects to cormect the computer 571, TV 
set 573 and telephone 572 coupled to the network selector 60 to a particular 
iofonnation network on the network side. 

Several secure exchanges may he connected togeflier to form a network in a 
small area standing for said secure exchange 58, with the increase of the number of 
users, and for the convenience of description, the present invention takes this network 
in the small area as a suigle secure exchange, because the functionality implemented 
by this network in the small area is the same as that of the secure exchange. 

In the present invention, the overall structure of the telephone 572, TV set 573, • 
computer 571, and the network selector 60 and premises concentrator 61 comiected 
thereto is referred to as a home/ofQce network 63 1 . 

The network selector 60 according go the present invention uses RJll, RF 
and/or RJ45 ports to couple with each of the telephone 572, TV set 573 and/or 
computer 571^ the network selector 60 is coupled to the premises concentrator 61 with 
RJ45, the premises concentrator 61 is coupled in turn to the storey concentrator 59 
with the RJ45 interface, and the storey concentrator 59 is finally coupled to tlie secure 
exchange 58 with RJ45. All of those connections transfer said user parameters, 
requests and control infomiation to the secure exchange 58 using one of tiie two 
undefined twisted pairs in the RJ45 interface, the secure exchange 58 is coupled to the 
computer local area networks 0LAK53' , LAN54' , LAN56' 
LAN523 ' ,LAN524' ) corresponding to each of the information networks an the IP 
network gateway via its network side ports, and, in turn, comiected to various 
information networks via the wide area network ports of both of them. 

Since the RJ45 criteria defme that two twisted pairs are used for the transmitting 
of various protocals and network data of the ethemet, the present invention uses one 
of the other two pairs (as shown in Fig.3) to transmit information of user identity and 
right of the user to user the network encryption level and the like. Tl and T2 of Fig.3 
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represent any one of two undefined twisted pairs, T3 and T4 are another pair 
dedicated to coimect to the telephone lines, while their notions on the 4"^, 5^^ ,7^^' and 
8"^ cores are only for exemplary purpose. The voltage across Tl and T2 may be +5V, 
-f 12V, +24V -5V, -12V or -24V, the variation of voltage represents the variation of 
the information network accessed by the user terminal, thus the user selects an 
information network not by changing the IP address, but by the switching of physical 
circuit, thereby no attack can exist between infomation networks, guaranteeing the 
security of information on the network. 

The definitions of each of the cores are; " 

1. data transmitting 

2. data transniitthig 

3. data receiving ^'*+" 

4. eixcryption level, identity authentication, etc transmitting " -i-"^ 

5 . encryption level, identity authentication, etc transmitting " - " 

6. data receiving '^-^ 

7) 8 used for accessing to public telephone network 

The reason for using T3 and T4 to access the telephone network is that the too 
tightly binding of the speech communication and the data communication is not 
desired, that is, when a user selects freely a compater network for multimedia 
communication (including JP telephone), he is not forbidden to select the competitive 
public telephone network 52L However, for departments possessing sensitive 
information, the network selector 60 will block the connection of T3 and T4 to the 
public telepbone network 521 when it connects the computer terminal of the user to 
the secure network 53. 

The so defined RJ45 is referred to as RJ45 plus by the present inveoation- 
Therefore, both the termiaal side port 601 and the network side poit 602 of the 
network selector 60 are FJ45 plus ones, the terminal side port 581 of the secure 
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exchange 58 is an RJ45 plus one, the network side port 582 of the secure exchange 58 
is an RJ45 one, while both port 591 and 592 of the storey concentrator 59 are RJ45 
plus ones. 

In case of the distance between the network selector 60 and the secure exchange 
58 is within 100m, the storey concentrator 59 can be omitted. 

In case of there are only two physically isolated ethemets, and the mterfaces 
thereof are located in one room, both the storey concentrator 59 and the secure 
exchange 58 may be omitted. 

In case of the distaiace between the network selector 60 and the secure exchange 
58 exceeds lOQm, the ADSL line or cable TV line may be used 

Jn case it is necessary for the rate of the ethemet to exceed 100Mbps, optio^d 
fiber 586 or othea: broad band transmission techniques and devices can be used instead, 
and one channel therein can be designated as a control channel for transmitting the 
user parameters and control information, 

The above mentioned computer 572 may be a diskless computer, a computer 
with disk a computer with read only optical disk or a graphic terminal. 

The network selector 60 connected to the TV set 573 is used for selecting cable 
TV network 522 and video on demand, the network selector 60 downloads the 
program lists of the TV stations and displays them on the screen of the TV set, and 
then the user selects and interesting program. 

The so called diskless computer mentioned above refers to one without any 
system hard disk to boot up the machine itself and any user hard disk to store data, but 
with internal memory, central processing unit (CPU), mother board, rack, display, 
keyboard, etc. The diskless computer can only read the operatmg system associated 
with the computer from tlie file server via the ethemet into its local memory using the 
above mentioned network access scheme, and then iuitiatmg relative device from tli.e 
local memory. 
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For computers with disks, tiie network selector 60 coimected thereto instructs it 
to boot up itself firom the network in the operating scheme of a diskless computer, and 
having the local hard disk stopping operating, A computer with read only optical disk 
is allowed to read out the operating system from the local read only optical disk and to 
initiate itself, but all the data are read from the accessed information network. 

The network selector 60 is further provided with an IC card drive for reading out 
the user information stored in the user identification card 64. The secure exchaage 58 
is also provided with a drive for reading IC cards for the secure exchange to identify 
the management identification card of the system manager and to generate the user 
identification cards. 

The network selector 60 recognizes the network to which the user expects to 
connect based on the number set by the user. Since the network selector includes a 
card reader, the network selector 60 has the functionality of reading the information 
on the user identification card 64 inserted into the card reader, when no user 
identification card 64 is inserted, the network selector 60 sets the number to 0 
automatically, indicating that the telephone 572, TV set 573 and computer 571 
connected by the network selector 60 will access the default public information 
network 52, Especially each time a user changes liis/her selection of an information 
network on the network selector 60 connected by computer 571, it will cause the 
computer 571 to be re-ioitiated and re-connected to the new information network. 

The network selector 60 and secure exchange 58 may authenticate the legality of 
the user identity based on the fingerprint information or face image information of the 
user when the user selects a particular information network. 

The netvv^ork selector 60 may also be embedded in the computer 571, such that 
the panel of the network selector 60 constitutes part of the panel of the computer 571 
or combines with the optical disk drive or floppy disk drive, and the network number 
display 604, the network numbeo: selecting button 603 and network number 
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confinning button 605 may also be integrated into the panel of the optical disk drive 
or the floppy disk drive, and two information signal lines may be led ont to the Tl and 
T2 of the RJ45 interface of the ethemet (see Fig.3), or to the Tl and T2 of the RJ45 
interface of the. Mother board. The advantages of this design are energy saving, 
convenient to use and occupying less space. 

The network selector 60 connected to the telephone 572 may also be embedded 
in the premises concentrator 61 belmd the RJll port, tlie network selector 60 selects 
corresponding information network by recognizing the diahng tone of the telephone 
572. 

The secure exchange 58 guarantees that the dedicated network 54, secure 
network 53, jurisdiction network 56 and the public infonnation network 52 axe 
mutually isolated. The secure exchange 58 also comprises a card reader, only the 
system manager owns the management card of the secure exchange, and only the 
system manager has the right to maintahi the secure exchange 58, The system 
manager sets the information of the encryption level, right and the like of each user on 
tlie secure exchange 58, and produces the user identification card 64 for each of the 
users. 

There are only one RJ45 plus port 592 and one RF port 593 on the network side 
of said storey concentrator 59, and only one RF port 594 and a plurality of RJ45 plus 
ports 591 on the terminal side thereof , the storey concentrator 59 is without any IC 
card, the storey concentrator 59 serves to extend the number of users accessing the 
networks. 

The system of the present invention employs conventional tree wiring structure, 
the computer 571, TV set 573 and telephone 572 are located on the leaf positions 
connecting to the terminal side RJ45 plus port 601, RJll port or RF port 611 of 
respective network selector 60 (Fig.l), which is in turn connected to a premises 
concentrator via the network side RJ45 plus port 602 or RJ port 612 (Fig.5), one or 
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more premises concentrators 61 are connected to the tenninal side ports 591 and 594 
of a storey concentrator 59 (Fig.4) to form a home/office network 631 (Fig.7), the 
home/office network 631 is in turn connected to the terminal side port of the secure 
exchange 58 via the nel"work side port 592 of the storey concentrator 59 (Fig.2), and 
all the wiring criteria from the network selector 60 to the terminal side port of the 
secure exchange 58 use the Type 3 and Type 5 twisted pair RJ45 plus (Fig. 3) or 
optical jBber 586, cable TV copper cable 58 L The secure exchange 58 in turn 
connected to the local networks corresponding to various information networks via 
the network side RJ45 ports 583, the cable TV network side ports 582 or optical 
receiving/transmitting teiminals 584^ 585, these in fonnation networks may be 
interconnected pubhc information networks 52, or may be physically isolated 
dedicated networks 54 or secure networks 53 and the like. All the computer local area 
networks (LAN53' , LAN54' , LAN56' ,LAN523' , LAN524' , etc) connected 
with the secure exchange 58 are provided with file servers operating with the diskless 
computer, the file servers store the initiating program and the system data of each of 
the diskless computers and working data of each of the users, in addition ,the 
computer local area networks are provided with domain name servers, vww servers, 
FTP servers, and etc. 

Recently, many users have integratively wired two physically isolated computer 
571 ethemets into tb.e same room ,one connected to tlie internet 528, and the other 
connected to a secure network 53 or a dedicated network 54, for these cases, only a 
network selector 60 is needed to connect the diskless computer (or the computer with 
disk under the control of the network selector 60) to the respective information 
network based on the selection of the user, without the need for a secure exchange 58 
and a storey concentrator 59. However, if the diskless computer is relatively distant 
from the ports of the two networks, a secure exchange 58 is needed to be connected 
in-between^ as shovm in Fig.6a. 
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Each of the above mentioned networks to be selected by the iisers, especially the 
public infonnation networks 52, is in competition with each other duo to being 
selectable by the users. 

The method for implementing selection of information networks by the user 
according to the present invention is characterized in that: a user sets the nximber of 
lie infonnation network to be connected on the network selector 60; the network 
selector 60 checks the inserted user identification card and the user' s face image 
obtained by the camera to recognize the user' s identity, his/her right to use the 
network encryption level, the number of the network and other parameters, and 
transmitting these parameters in combination as a request to the secure exchange 58 
via the Tl, T2 of RJ45 plus; if no user identification card 64 is detected by the 
network selector 60, then the network number is automatically set to 0, indicating that 
the user accesses the pubhc information network 52 only; after receiving the request 
from Tl and T2 of RJ45 plus, the secm-e exchange 58 checks whether the user is a 
legal user and has the right to access the infonnation network he/she desired to access 
based on the parameters of user password, face image, and etc stored in the 
authentication server;, and connects to the information network the user desired to 
access after confirmation of the parameters. It may be selected to check the user 
identijacation card only, or to check both the user identification card and fingerprint, 
or to check all of the user identification card^ fingerprint and face image. The 
flowchart of the method is shown in Fig.Sa. 

The particular flow is as follows: 

Receiving user parameters and request; 

In response to the user ' s request for accessing a particular information network, 
authenticating the legality of the user based on said user parameters; 

Accepting or rejecting the user' s request for accessing the particular 
information network based on the results of authentication; 
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Said user parameters including: user identity, face image, encryption key, the 
right of encryption level for the user to access said information network, the number 
and link path of the information network cmrently requested to access by the user, 
whether requesting to initiate the local computer jfrom said infonnation network, 
whether there being a system disk, whether it being a read only optical disk computer 
or graphic terminal, and etc; 

The authentication of the user' s legality including determining whether the 
user accessing and having the right for accessing a secure network 53, jurisdiction 
network 56 or dedicated network 54; 

If said user does not access a secure network 53, jurisdiction network 56 or 
dedicated network 54, connecting to the public infonnation network 52 for the user; 

If $aid user accesses a secure network 53, jurisdiction network 56 or dedicated 
network 54, detexmining whetlier the user having the right for accessing the 
information network; if no right, rejecting to connect to the secure network 53, 
jurisdiction network 56 or dedicated network 54; 

If said user has the right for accessing the secure network 53, jurisdiction 
network 56 or dedicated network 54, then determining whether the local user terminal 
used by the user having a hard disk or memory to store information, if so, connecting 
to the information network under the premise of stopping the operation of the hard 
disk and/or refreshing the memory; otherwise, connecting to the information network; 
and 

Providing the services of the information network after connecting to said 
information network. 

As for the computer 57 1^ each time it changes to another information network, 
the computer 571 shaJl be re-powered, its memory and other dynamic memories shall 
be refreshed, and if necessary, they shall be refreshed for several times in a short 
period, for example in one second, to ensure that they will not be stored with the 
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infonnation of the previous network when accessing other networks; after the file 
server has confiimed the user' s request, it transfers the bootstrap program of the 
diskless computer to initiate the diskless computer accordingly, and after the user has 
keyed in the user name and password, it enters normal operating status. The TV set 
573 and telephone S72(if without any luemory) is not necessary to perform security 
check temporarily 

Fig.8 is a flowchart of the method for implementing both selection of 
inforroation netv^^orks and protection from attacks, the following is a description of the 
flowchart in further details. 

The parameters of the user identity, encryption key the right for the user to 
access a particular information network^ the number of the information network 
currently to he accessed by the user, whether the local computer being required to be 
initiated from the particular information, whether the computer having a data disk, 
and etc are obtained in step Al, then the process proceeds to step A2, if a diskless 
computer is determined in A2, the process proceeds to A3, otlierwise it is a computer 
with disk and the process proceeds to Bl^ if the computer with disk does not access 
the public infomiation network 52^ then the network selector 60 instructs the 
computer hard disk to stop working during the period of access in step B2^ which 
implies that the computer with disk should be initiated and run in the same maimer as 
a diskless computer, tlien the process proceeds to A3, if the user is determined to be 
illegal in step A3, then it alarms in step CI aud the use of the network by the user is 
stopped, the user is prompted to change his/her parameters, once tlie user has changed 
the parameter in step C2, tlie process returns to Al, if the user is determined to be 
legal in step A3, then the process proceeds to step A4 to connect the line for the user 
and to nm normally until the user parameters have been changed, then the process 
returns to step Al from step A5, 

The functionality of Fig.8 is implemented by the co-ordination of the software 
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of the network selector 60 and the secure exchange 58. Tlie main function of the 
network selection 60 is to provide the associated parameters of the user to the secure 
exchange 58, and to get ready for stopping the user of a particular information 
network by an illegal u$er at any time. The main function of the secure exchange 58 is 
to clieck the legality of the usei^ and to connect to information network for a legal usen 
A further description is given below with reference to Figs. 9 and 1 0. 

Referring to Fig,9, the network selector 60 determines whether the connected 
computer 571 should be initiated locally in. step 11, The network selector 60 
determines tbat the computer 571 has a systom hard disk in step 12 and, for the sake 
of information security, the network selector 60 will prohibit the computer 571 to 
access the secure network 53, dedicated network 54 or jurisdiction network 56, but 
allows it to access the public information network 52, so the number of the network is 
forced to be set to 0 in step 14, Step 13 indicates that the computer 571 i$ a diskless 
computer and it has the right to access each of tiie secure networks 53, jurisdiction 
net-works 56 or dedicated networks 54, but the user is required to insert his/her 
identification card 64 for the network selector 60 to obtain the user' s identity 
information, which is combined with Hie number of the information network selected 
by the user in step 15, and transmitted to the secure exchange 58 via Tl and T2 of the 
RJ45 plus in step 17. If it is determined in step 16 that the number of the network 
selected by the user is 1 through 7 (this classification of networks is exemplary only) 
and there is a local hard disk, then the computer is initiated from the network and the 
power supply of the local hard disk is cut off during the access to the secure network 
53, jurisdiction network 56 or dedicated network 54. Thus, the infomiation of the 
secure network 53, jurisdiction network 56 or dedicated network 54 can be protected 
from downloading to the hard disk of the computer, otherwise, secret information may 
be divulged when the computer accesses other information network subsequently If 
no user identification card 64 is received by the network selector 60, the number of 
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the network is set to 0 automatically in step 14^ indicating that the user will access the 
public information network 52 only. The response on the legality of the user from the 
secure exchange 58 is waited for in step 18, if the result is illegal, flien the process 
proceeds to step 19 to stop the access of the network. The network selector waits for 
the user to change his/her identify or the number of the network in step 20, i.e. 
changing to anotlier user, if not, whether the cxirrent user wishes to change the 
connected information network, if either one of those changes occurs, the process 
proceeds to steps 21 and 17, and loops back. 

Referring to Fig. 10, the secure exchange 58 waits for the request from the 
network selector 60 via. Tl and T2 of the RJ45 plus in step 41 , when there is no 
request, it waits hx a loop, when a request comes, the process proceeds to step 42, 
there must he a change of the network number or a change of tixe user identity^ if it is 
a change of the user identity^ and the user has the right to access the current 
information network, then the information network to be accessed by the current user 
is connected to, these are performed in steps 43^ 46 and 47, then the process returns to 
step 41 to wait; if it is a change of the user identity but the user have no right to access 
the current secure netv^^ork 53, jiuisdiction network 56 or dedicated network 54, the 
process proceeds to step 45, stops connecting ,and reports an error to the network 
selector 60. If there is no change of the user identity, then it must be a change of the 
network number, if it is determined in step 44 that the user has the right to access the 
secxjre netwodi 53, jurisdiction network 56 or dedicated network 54, the current file 
server is notified of to save its current status, and the file server of the corresponding 
information network is connected to based on the user identity, network number, and 
etc. Then the process returns to step 41. 

Since Hie public information network 52, secure network 53, jurisdiction 
network 56 or dedicated network 54 are mutually physically isolated, the data can not 
be read from each otlier, especially it is impossible to attack other information 
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networks foim the computer Internet 526. A diskless computer connected to an 
informatioa network becomes part of the infonnation network automatically^, since 
there is no hard disk, it is impossible to save data locally, while an computer witli disk 
accesses a secAire network 53, jurisdiction network 56 or dedicated network 54, the 
hard disk is stopping working, therefore when a computer exits an iirfoxmation 
network and connects to another information network, it is impossible for it to divulge 
any information of the previous information ne^vork, therefore security of the 
infonnation of the information network can be ensured. 

When a user switches between infonnation networks, the current operating 
status of the user is saved by the network server automatically, in order to continue the 
operation when switching back again. 

We may review the procedure for implementing this method more hevuistically. 
This procedure corresponds to have several information networks isolated from each 
other in front of the user, and the user inserts the network plug of a computer into one 
or another infonnation network frequently. 

The reason for using diskless computers is to protect against divulging of 
information from the user' s computer, the reason for using the network selector 60 
and $ecure exchange 58 is to extend the length of the arm for inserting the plug, and to 
reduce the cost of wiring and construction. 

The system and method of the present invention for implementing selection of 
information networks by the user make it possible for the telephone networks 521, 
cable TV networks 522 and data networks 523 in the information networks be more 
than one. The boundary between the telephone network 521 and the end user network 
51 is defined on the wide area network interface of the gateway 66 connected to the 
secure exchange 58 (Fig.6), thus the optical fiber of the telephone network is only 
necessary to extend to the building or road side without the necessity of directly 
entering the preixuse, the end user may exercise his/her right of selection with the 
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network selector 60 to select a satisfactory telephone network 521 or cable TV 
netwoit 522 to provide services for him/her, thus causing competitions between the 
telecormnuiiicatioil network bet%veeu the cable TV networics, and between the 
telephone networks and the cable TV networks and thus breaking the monopoly of the 
local network. 

The end user network 51 system of the present invention may alleviate the 
operating duty of the local network, reduce the complexity of the local network, and 
increase the concentration of the information networks. The end user designates a 
network to be connected to with the network selector, and reaUzes selection of 
networks under the help of the secure exchange 58, the above mentioned telephone 
network 520 may further extend to a telecoxnmtmication network to cause a fiilly 
competitive situation of telecommunication to come into being. 

At that time, when a user calls on the telephone: the user picks up the telephone 
hand set and dials the telephone number of the called party, a plurality of telephone 
network names, the unit prices needed to complete this call by each of those telephone 
networks, the expected value of the call quality level, and etc will be displayed on the 
screen of the network selector 60 to which the telephone 572 is connected, the user 
may select a particulai- network on the network selector 60 based on these information, 
and communicates with it with the help of the secure exchange 58, the user may 
detect the perfonnance-price-ratio of other telecommiuiication networks during the 
call, and thereby to switch to a more satisfactoiy network. The user may also specify 
to use the network of a specific long distance teleconununication company, and 
request it to connect automatically with the network of the local telephone company 
selected fay the user Similarly, the user may select a satisfactory network at any time 
for other dialmg services. 

The obtaining of telecommunication level quality resides in that the line 
switching technique thereof ensure the user to monopolize a channel from end to end. 
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According to the system and method of the present invention, the end user network 51 
is in fact an extended computer local area network, the user is ensured to monopolize 
at least 10Mbps of band width firom his/her computer to the secure exchange, aad 
there is no change in the telephone network 521, cable TV network 522 and computer 
network outside the secure exchange 58. One voice chamiel is only 64kbps, one 
channel of uncompressed TV signal only occupies 6Mbps, while the throughput of a 
modem line rate routing exchange can achieve 20 Gbps and more, which can support 
more than 3000 TV sets to demand video simultaneously, more than 3 millions of 
telephone to call simultaneously, or more tiian 20000 computers to perfomi 
networking operation simultaneously. The system and method of the present invention 
do not force the telephone network, TV network and computer network to be involved 
in the so called "merging of three networks" , but continue to utihze the advantages 
of each of the networks, therefore, when a user needs to call, the secure exchange 58 
of the present invention can help the user to communicate with the traditional 
telephone network. 

According to the present invention, the TV set, video telephone and computer 
can also be combined to share the network selector, the network selector is provided 
with three sets of selection buttons, controlhng the selections of the cable TV network 
522, computer network and video telephone network, respectively. With the help of 
the secure exchange 58, the computer network transmits the up link command of the 
VOD, and the cable TV network transmits the down link signal of the VOD to be 
played on the combination or displayed on an existing analog TV set after D/A 
conversion. With the selection mechanism of the information network, the VOD 
utilizes the up link capability of the telephone network and computer network without 
the necessity of the bi-directional reform of the cable TV network 522, In addition, 
the up link chaimel can further be implemented with wireless mobile network or 
wireless fixed network. 
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What is claimed is: 

1. A system for implementing selection of information networks by user, 
including at least two infomiation networlcs and a user terminal, characterized in 
further comprising: 

network selectors, with one end thereof connected to the user terminal for 
receiving and transferriiig user parameters and requests for connecting to a particular 
information network, and for controlling the user tenninal; 

a secure exchange, connected to the other end of each of the network selectors, 
the network side ports of the secure exchange are physically isolated from each other, 
the temiinal side ports of the secure exchange are also physically isolated from each 
other; the secure exchange deteruiiiies the l&gality of the user parameters and requests 
&om the network selectors, and accepts or rejects to access the particular infomiation 
network requested by the user based on the result of the determination. 

2. Tlie system for implementing selection of information networks by user 
according to claim 1, characterized in further comprising a premises concentrator, 
connected between the network selector and the secure exchange, for composing and 
decomposing the signals of the user terminals transferred by the network selector. 

3. The system for implementing selection of information networks by user 
according to claim 2, characterized in further comprising a storey concentrator, 
connected between the preiriises concentrator and the secure exchange, for 
concentratmg a plurality of premises concentrators and for multiplexing and relaying 
the signals of the premises concentrators, 

4. The system for implementing selection of information networks by user 
according to claim 1, 2, or 3, characterized in that the user terminal is one, two, or all 
of a computer, a telephone and a TV set; the information networks are interconnected 
pubhc information networks or physically isolated dedicated networks, secure 
networks or jxirisdiction networks, the pubhc information networks include telephone 
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networks, TV networks, data networks, IP networks, and broad band ff networks. 

5. The system for implementing selection of information networks by user 
according to claim 1, characterized in that the network selector is provided with an RF, 
RJ 11 and/or RJ 45 port to connect with the user terminal; the network selector is 
connected to the secure exchange with an RJ 45 interface, the connection transfers 
said user parameters, requests and control information using one of the two undefined 
twisted pairs in the RJ 45 interface. 

6. The system for implementing selection of information networks by user 
according to claim 2, characterized in that the network selector is provided with an RP, 
RJ 11 and/or RJ 45 port, for connecting to the user terminal' the network selector and 
the premises concentrator are connected witli an RJ 45 interface, the premises 
concentrator is comiected m turn to the secure exchange with an RJ 45 port, the 
signals are transferred between the network selector, the premises concentrator and 
the secure exchange using one of the two undefined twisted pairs in the RJ 45 port. 

7. The system for implementing selection of information networks by user 
according to claim 3, characterized in that RJ 45 ports are provided on both tlie 
terminal side and the network side of the storey concentrator, the storey concentrator 
uses one of the two undefined twisted pairs in the RJ 45 port to transfer parameters 
and signals, the twisted pair causes the secure exchange to switch among the 
information networks with the variations of voltage. 

8. The system for implementing selection of information networks by user 
aocordmg to claim 5, 6, or 7, characterized in that the other one of the two undefined 
twisted pairs in said RJ 45 port is used to connect to the telephone networks. 

9. The system for implementing selection of information networks by user 
according to claim 5, 6, or 7, characterized in that said connecting lines use optical 
fibers, cable TV lines or ADSL lines to transfer parameters and signals. 

10. The system for implementing selection of information networks by user 
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according to claim 5, 6, or 7, characterized in that the secure exchange is connected to 
an authentication server, the secure exchange uses the existing user parameters stored 
in the authentication server to determine the legality of the current user, the secure 
exchange is connected to the computer local area network and IP gateway 
corresponding to each of the information net^vorks via the network side RJ 45 port, 
the TV network KF port or optical receiving and transmitting terminal, and cmnected 
to each of the information networks via tiae wide area network interface of the 
computer local area network and the IP gateway. 

11. The system for implementing selecting of information networks by user 
according to claim 1, 2, or 3, characterized in that the network selector is provided 
with an IC card drive, for reading out the user information stored in user identification 
card. 

12. The system for implementing selection of in formation networks by user 
according to claim 11, characterized that the secure exchange is provided with a drive 
for reading IC cards to identify the management identity of system manager, the 
secure exchange generates user identification cards based on the user information set 
on the secure exchange by the system manager. 

13. The system for implementing selection of information networks by user 
according to claim 1» characterized in that the user parameters transferred to the 
secure exchange via the network selector and authenticated by the secure exchange 
include the fingerprint information of the user. 

14. The system for implementing selection of information networks by user 
according to claim 1, characterized that the user parameters transferred to the secure 
exchange via the network selector and authenticated by the secure exchange include 
the face image information of the usen 

15. The system for implementing selection of information networks by user 
according to claim 1, 2, or 3, characterized in that the user terminal is a diskless 
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computer, and all the computer local area networks connected to the secure exchange 
are provided with a file server for operatiijg with the diskless computer, the file server 
has the operating system arid system data of each of the diskless computer and the 
operating data of each of fee user stored therem. 

16. The system for implementing selection of information networks by user 
according to claim 1, 2, or 3, characterized in that the user terminal is a computer with 
disk, when a user of the compnier with disk having the right to use an information 
network accesses the infoxmaiion network, the network selector instructs the 
computer -with disk to initiate itself jfrom the information network in the operating 
maimer of a diskless computer, and instructs the local hard disk of the computer with 
disk to stop operating. 

17. The system for implementing selection of information networks by user 
according to claim 1, 2, or 3, characterized in that the user terminal is a computer with 
read only optical disk, the computer with read only optical disk reads out the 
operating system from the local read only optical disk and initiates itself, but all the 
data it reads and writes ai^e on the computer local area network to which it is 
connected. 

18. The S3^tem for implementkig selection of information networks by user 
ajccording to claim 1, characterized in that the user terminal is a computer, the 
network selector is embedded in the computer, and the panel of the network selector is 
a constituent part of the panel of the computer or is combined with the optical disk 
drive or the floppy disk drive. 

19j, The system for implementing selection of information networks by user 
according to claim 1, 2, or 3, characterized in that the user terminal is a telephone, the 
telephone switches among a plurality of telephone networks via the network selector 
and the secure exchange. 

20. The system for implementing selection of information networks by user 
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according to claim 1, 2, or 3, characterized in that the user tenninal is a TV set, the 
TV set switches among a pluraHty of TV networks via the network selector and the 
secure exchange. 

2L The system for unpiementing selection of information networks by user 
according to claim 1, 2, or 3, characterized m that the user terminal is a computer, 
when the user changes the selection of an information network form the network 
selector to which the computer is connected, the computer should be re-initiated with 
the memor/ therein being refreshed, and re-connected to the iofoimation network 
newly selected. 

22, A system for implementing selection of information networks by user, 
including at least two information networks and a user terminal, characterized in 
further comprising a network selector, connected between the user terminal and the 
information networks, for receiving and transferring user parameters and request for 
connecting to a particular mformation network, and for controUmg the user terminal. 

23, A method for implementing selection of information networks by user, 
characterized in comprising tlie steps of: 

(1) a network selector receives and transfers user parameters and user request for 
selectively connecting to a particular information network, and controls tlae user 
terminal; 

(2) a secure exchange connects to the particular information network in response 
to the request of the user from the network selector, and determines the legality of the 
user ' s request based on the user parameters; and 

(3) the secure exchange accepts or rejects the U5er' $ request for connectmg to a 
particular information network based on the result of determination, 

24, The method for unpiementing selection of information networks by user 
according to claim 23, characterized in the step (1) further comprising the steps of: 

a. the network selector reads the user' s identification card and encryption key 



33 



to obtain l3ie user's identity and determine the type of the user terminal device, and 
generates Mser parameters including the user identity, the right to use the security level 
of a secure network, jurisdiction network or dedicated network, and the type of the 
user termiaai; 

b- the network selector receives the user' s request of selecting an information 
network, including the number and link path of the infonnation network selected by 
the user; and 

c. the network selector lr4nsfers the user parameters and the user' s request to 
the secure exchange, 

25, The method for implementing selection of information networks by user 
according to claim 23, characterised in that the step (2) further comprising the steps 
of: 

d- detemiining whether the user accesses a secure network, jurisdiction network, 
or dedicated network; 

e. if the user accesses the secure network, jurisdiction network, or dedicated 
network, further detennining whether the user has the right to use this information 
network; and 

f. if the user has the right to use this infonnation network, further determining 
whether the terminal device used by the user is provided with a hard disk or memory 
to store information. 

26. The method for hnplementing selection of information networks by user 
according to claim 25, characterized in the step (3) further comprising the steps of : 

g. connecting tlie user to the public mfoimation networlc, if tlie user does not 
access the secure network Jurisdiction network, or dedicated network; 

h. rejecting to connect to the information network, if the user is of no right to 
use the secure network, jurisdiction netwoik or dedicated network; and 

connecting to the information network requested by the user, if the user is of 
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the right to use the secure network jurisdiction network or dedicated network aad the 
user terminal used by the user is not provided with hard disk or meTiQOT>' for storing 
information; 

the secure exchange and network selector connecting to the information network 
for the user under the conditions that the user has stopped the operation of the hard 
disk and refreshing of the xneniory, if the user is of the right to use the secxire network, 
jurisdiction network, or dedicated network but the user terminal is provided with a 
hard disk or memory for storing infomiation. 

27, The method for implementing selection of information networks by user 
according to claim 23, characterized in that a premises concentrator is connected 
between the network selector and the secure exchange, for composing and 
decomposing the signals of the user tenninals transferred by the network selector. 

28, The method for implementing selection of information networks by user 
according to claim 27, characterized in that a storey concentrator is connected 
between the premises concentrator and the secure exchange for concentrating the 
plurahty of premises concentrators, and multiplexing and relaying the signals. 

29, The method for implementing selection of information networks by user 
according to claim 28, characterized in that all the ooimections between the network 
selector, premises concentrator, storey concentrator and secure exchange use one of 
the two undefined twisted pairs in an RJ45 port to transfer signals. 

30, The method for implementing selection of information networks by user 
according to claim 29^ characterized in that the other one of the two undefined twisted 
pairs in the RJ45 port is used for connecting to the telephone network. 

31, The method for implementing selection of information networks by user 
according to claim 23, characterized in that the user parameters transferred to the 
secure exchange via die network selector and authenticated by the secure exchange 
include the fingerprint mformation of the user. 
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32. The method for implementing selection of information networks by user 
according to claim 23 j characterized in that the user parameters transferred to the 
secure exchange via tlie network selector and authenticated by the secure exchange 
include the face image information of the user. 

33. The method for implementing selection of information networks by user 
according to claim 23, characterized in that the user teiminal is one, two, or all of a 
computer, telephone and TV set; the information networks are interconnected public 
information networks, or physically isolated dedicated networks, secure networks or 
jurisdiction networks, the public information networks include telephone networks, 
TV networks, data networlcs, IP networks and broad band IP networks. . 

34. The method for implementing selection of information networks by user 
according to claim 23, characterized in that the user terminal is a telephone, tlie 
telephone switches among a plurality of telephone networks via the network selector 
and the secuore exchange. 

35. The method for implementing selection of information networks by user 
according to claim 23, characterized in that the user terminal is a TV setj the TV set 
switches among a plurality of TV networks via the network selector and secure 
exchange. 
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